CVE-2013-4155

OpenStack Swift < 1.9.1 - Authenticated Denial of Service via DELETE Request Timestamp Manipulation

Title source: llm

Description

OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp that is older than expected.

References (8)

Core References
Issue Tracking x_refsource_confirm
https://bugs.launchpad.net/swift/+bug/1196932
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2737
Various Sources x_refsource_misc
https://review.openstack.org/#/c/40646/
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/08/07/6
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2001-1
Various Sources x_refsource_misc
https://review.openstack.org/#/c/40645/
Various Sources x_refsource_misc
https://review.openstack.org/#/c/40643/
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1197.html

Scores

EPSS 0.0101
EPSS Percentile 77.4%

Details

CWE
CWE-119
Status published
Products (28)
openstack/folsom
openstack/grizzly
openstack/havana
openstack/swift 1.0.0
openstack/swift 1.0.1
openstack/swift 1.0.2
openstack/swift 1.1.0 (3 CPE variants)
openstack/swift 1.2.0 (3 CPE variants)
openstack/swift 1.3.0 (3 CPE variants)
openstack/swift 1.4.0
... and 18 more
Published Aug 20, 2013
Tracked Since Feb 18, 2026